HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Active Exploitation of Drupal Core SQL Injection (CVE-2026-9082) Added to CISA KEV Catalog

CISA has placed Drupal Core CVE‑2026‑9082 in its Known Exploited Vulnerabilities catalog after confirming active attacks. The flaw allows unauthenticated SQL injection, putting any Drupal‑based website at risk of data loss and service disruption, a concern for third‑party risk managers.

LiveThreat™ Intelligence · 📅 May 23, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Active Exploitation of Drupal Core SQL Injection (CVE‑2026‑9082) Threatens Web Applications

What It Is — A critical SQL‑injection flaw in Drupal Core (CVE‑2026‑9082) permits an unauthenticated attacker to execute arbitrary database commands, potentially leading to data theft, site defacement, or full system takeover. CISA has verified active exploitation and added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Exploitability — Exploits are observed in the wild; proof‑of‑concept code circulates on underground forums. The CVSS base score is 9.8 (Critical), reflecting remote code execution and data‑exfiltration potential.

Affected Products — Drupal Core versions 9.0.0‑9.5.12 and 10.0.0‑10.2.5 are vulnerable. Any organization that runs a Drupal‑based website—public portals, intranets, SaaS applications, or hosted CMS services—is at risk.

TPRM Impact — Third‑party risk managers must treat any vendor that supplies, hosts, or integrates Drupal sites as a high‑risk supplier. A compromised Drupal instance can expose downstream customer data, disrupt business operations, and trigger regulatory breach‑notification obligations.

Recommended Actions

  • Inventory all third‑party and internal Drupal deployments and confirm version numbers.
  • Apply the official Drupal security patch (released 2026‑05‑15) within 30 days.
  • Run targeted SQL‑injection scans against all Drupal assets.
  • Amend contracts to require timely remediation of KEV‑listed vulnerabilities.
  • Subscribe to CISA KEV updates for future high‑risk additions.

Source: CISA Advisory – CVE‑2026‑9082

📰 Original Source
https://www.cisa.gov/news-events/alerts/2026/05/22/cisa-adds-one-known-exploited-vulnerability-catalog

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →